I. Origin of ICMP
IP provides a connectionless, best-effort datagram delivery service, so it cannot by itself solve the loss, duplication, delay or reordering of datagrams at the lower layers. The TCP connection service built on top of IP solves those problems, but it cannot solve network faults or packets that cannot be delivered for other network reasons. ICMP was therefore designed to send a report when an IP packet cannot be delivered. These error reports help the sender understand why the packet could not be delivered and what went wrong in the network, and let the application decide what to do next. Note: IP itself has one error-detection mechanism, the header checksum, which detects transmission errors in the header.
II. Role of ICMP
III. Composition of ICMP Packets
IV. Cases Where No ICMP Error Message Is Generated
Although in most cases an ICMP error message should be sent in response to an erroneous packet, in some special cases no ICMP error message is generated:
- An ICMP error message never triggers another ICMP error message (an ICMP query message is the exception). This prevents ICMP messages from being generated and transmitted without limit.
- An IP datagram whose destination address is a broadcast or multicast address.
- A datagram sent as a link-layer broadcast.
- A fragment other than the first fragment of an IP datagram.
- A datagram whose source address does not identify a single host. This means that the source address cannot be the zero address, a loopback address, a broadcast address or a multicast address.
Although some of these provisions are not yet entirely clear, all of them are defined to prevent the unbounded transmission of ICMP packets.
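The rules above can be written as a single decision function. The following is an added example, not code from the original article; the `Offending` class, the `suppression_reason` function and the sample addresses (documentation subnet 192.0.2.0/24) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# ICMP error types: destination unreachable, source quench, redirect,
# time exceeded, parameter problem. Query types are deliberately absent.
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

@dataclass
class Offending:
    """The datagram that would trigger an ICMP error (hypothetical model)."""
    src: str
    dst: str
    frag_offset: int = 0              # 0 means first (or only) fragment
    link_broadcast: bool = False      # frame arrived as a link-layer broadcast
    icmp_type: Optional[int] = None   # set only when the payload is ICMP

def suppression_reason(pkt: Offending, subnet: str) -> Optional[str]:
    """Return why no ICMP error may be sent for pkt, or None if one is allowed."""
    net = ipaddress.ip_network(subnet)
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)

    def is_broadcast(addr):
        return addr in (LIMITED_BROADCAST, net.broadcast_address)

    if pkt.icmp_type in ICMP_ERROR_TYPES:
        return "offending datagram is itself an ICMP error"
    if is_broadcast(dst) or dst.is_multicast:
        return "destination is broadcast or multicast"
    if pkt.link_broadcast:
        return "sent as a link-layer broadcast"
    if pkt.frag_offset != 0:
        return "not the first fragment"
    if (src.is_unspecified or src.is_loopback
            or is_broadcast(src) or src.is_multicast):
        return "source is not a single host"
    return None

if __name__ == "__main__":
    # Constructed sample datagrams on the documentation subnet 192.0.2.0/24.
    for p in (Offending("192.0.2.10", "192.0.2.1"),
              Offending("192.0.2.10", "192.0.2.255"),
              Offending("192.0.2.10", "192.0.2.1", icmp_type=11),
              Offending("0.0.0.0", "192.0.2.1")):
        print(p, "->", suppression_reason(p, "192.0.2.0/24") or "send ICMP error")
```

A stack that skips any of these checks can be made to answer a single spoofed or broadcast datagram with many ICMP errors, which is the amplification the rules exist to prevent.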
ICMP messages are generally divided into two types: query messages and error messages. Query messages have the following uses:
- Ping query (do not tell me you do not know the Ping program)
- Subnet mask query (used by a diskless workstation to obtain its subnet mask when it initializes itself)
- Timestamp query (can be used to synchronize time)
V. Two-Level ICMP Encapsulation
Each ICMP message travels across the Internet in the data part of an IP datagram, and the IP datagram in turn travels across the physical network in the data part of a frame.
VI. ICMP Message Types
ICMP defines five common error messages and six query message types, and uses a code field to distinguish the different cases within each message type.
VII. Application of ICMP
A. Ping
Ping is the most famous application of ICMP. When a website cannot be accessed, the usual first step is to ping it. Ping displays some useful information. The general information is as follows:
The word "ping" comes from sonar ranging, and the program does much the same thing: it uses ICMP packets to detect whether another host is reachable. The principle is to send an ICMP request with a type code of 0, and the requested host responds with an ICMP response with a type code of 8. The ping program measures the interval between the two and counts how many packets were delivered, from which you can judge the general condition of the network. We can see that ping reports the transfer time and the TTL. The example I gave is not very good, because there are few routers on the path. If you are interested, ping a foreign website such as sf.net; you will then see packet loss, and the program will run for longer.
Ping also gives us a chance to view the route from the host to the target host. This is because, when the ICMP ping request datagram passes through a router, the router puts its own IP address into the datagram, and the target host copies the resulting list of IP addresses into the ICMP reply it sends back. In any case, the number of routers that the IP header can record is very limited. To observe routing we still need a better tool, namely traceroute (tracert on Windows).
B. Traceroute
Traceroute is an important tool for discovering the route between the host and a target host, and it is also the most convenient one. As mentioned above, ping can also record a route, but because of the limits of the IP header it cannot record every router the packet passes through. Traceroute fills exactly this gap.
The principle of traceroute is very interesting. Given the IP address of the target host, it first sends a UDP datagram with TTL = 1 to the target host (do you still remember what TTL is?). When the first router receives the datagram, it decrements the TTL by 1; the TTL becomes 0, so the router discards the datagram and generates an ICMP host-unreachable datagram for the sending host. On receiving it, the host sends a UDP datagram with TTL = 2 to the target host, which provokes the second router into sending an ICMP datagram back to the host, and so on until the target host is reached. In this way traceroute obtains the IP addresses of all the routers, which avoids the problem that the IP header can only record a limited number of router addresses.
Someone may ask: how do I know whether the UDP datagram has reached the target host? This involves a technical trick. TCP and UDP both define port numbers, and common network programs listen only on a few low-numbered ports, such as 80 and 23. Traceroute sends its UDP datagrams to a port number greater than 30000 (an unlikely one). When such a datagram arrives at the target host, all the target host can do is send back an ICMP port-unreachable datagram. Once the host receives this report, it knows that the target host has been reached. So it is no exaggeration to call traceroute a trickster :)
The traceroute program provides some useful options, even including IP routing options. Please refer to the man page to learn about them; I will not go into details here.
Traceroute has two methods:
The first: an ICMP echo request is sent, and the target host generates an ICMP echo reply. The Microsoft implementation (tracert) uses this method.
When an echo request arrives at the target host, ICMP generates a reply message.
The source address of the reply equals the destination IP address in the received request message.
The second: a datagram is sent to a non-existent application process, and the target host generates an ICMP destination unreachable message. Most traceroute programs on UNIX use this method.
The traceroute program sends a UDP datagram to the target host, but it chooses an improbable value as the UDP port number (greater than 30000), so that no application on the target host can be using this port. When the datagram arrives, the UDP module of the target host generates an ICMP "port unreachable" error message. The traceroute program therefore needs to distinguish between the ICMP timeout and port unreachable messages it receives in order to determine when the trace ends.
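The distinction described in the last paragraph, as an added example that is not part of the original article: the function names, the sample probe port 33434 and the sample addresses are assumptions. Input is the raw ICMP message with the outer IP header already removed; besides telling timeout from port unreachable, the classifier verifies the checksum and checks that the quoted datagram really is this program's UDP probe, so unrelated or corrupted ICMP errors are ignored.

```python
import struct

TIME_EXCEEDED, DEST_UNREACH, PORT_UNREACH_CODE = 11, 3, 3

def inet_checksum(data: bytes) -> int:
    """One's-complement Internet checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify_reply(icmp: bytes, probe_port: int) -> str:
    """Classify one ICMP message received by a UDP traceroute.

    Returns 'hop' (timeout from a router), 'destination'
    (port unreachable from the target) or 'ignore'."""
    if len(icmp) < 8 + 20 + 8 or inet_checksum(icmp) != 0:
        return "ignore"                    # truncated or corrupted
    icmp_type, code = icmp[0], icmp[1]
    inner = icmp[8:]                       # quoted IP header + first 8 data bytes
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8 or inner[9] != 17:
        return "ignore"                    # quoted datagram is not IPv4/UDP
    dport = struct.unpack("!H", inner[ihl + 2:ihl + 4])[0]
    if dport != probe_port:
        return "ignore"                    # error is about someone else's packet
    if icmp_type == TIME_EXCEEDED and code == 0:
        return "hop"                       # keep probing with a larger TTL
    if icmp_type == DEST_UNREACH and code == PORT_UNREACH_CODE:
        return "destination"               # target reached, trace ends
    return "ignore"

def build_reply(icmp_type: int, code: int, dport: int, ttl: int = 1) -> bytes:
    """Build a constructed sample ICMP error that quotes a UDP probe."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    body = struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + udp
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

if __name__ == "__main__":
    for t, c in ((11, 0), (3, 3), (3, 1)):   # constructed replies
        print((t, c), classify_reply(build_reply(t, c, 33434), 33434))
```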